[Samba] Samba+LDAP Group mapping

Markus Bajones bajo at fet.at
Mon Dec 10 14:25:53 GMT 2007


Hi,

I had the same problem and solved it for me yesterday.
I downloaded the samba.schema file from the original samba version 3.0.24
available from samba.org and copied it to /etc/ldap/schema/samba.schema,
restarted slapd.

Now I am able to find the groups within the Windows security setting
dialog and with the net rpc group command.

Best regards,

Markus Bajones

> Hi,
> I'm running into weird problems after switching from tdbsam to ldapsam
> user backend. I have transferred all local unix and samba groups with the
> sambaldap-tools scripts. The 'net groupmap list' command prints all
> group mappings correctly, and I also can use all the groups present in
> LDAP for setting local file ownerships.
>
> However these groups don't appear in the Windows security setting
> dialogues (e.g. for setting file permissions or matching local groups
> with domain groups). All I get is a list of users. Even the built-in
> groups like 'Domain Administrators', 'Replicator Operators', ... are
> missing.
>
> I'm running the current Debian stable samba and open ldap.
>
> Cheers
> Maro¨
>
>
> LDIF from ldap (just one group as an example):
> dn: cn=Domain Admins, ou=Groups, dc=hui, dc=net
> sambaSID: S-1-5-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxx-512
> gidNumber: 512
> memberUid: administrator
> displayName: Domain Admins
> sambaGroupType: 2
> description: Netbios Domain Administrators
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> cn: Domain Admins
>
> The relevant parts of the smb.conf:
> [global]
>         workgroup = HUINET
>         domain logons = Yes
>         [..]
>         obey pam restrictions = Yes
>         null passwords = no
>         [..]
>         passwd program = /usr/sbin/smbldap-passwd "%u"
>         passwd chat = "...."
>         ldap password sync = yes
>         passdb backend = ldapsam:ldap://127.0.0.1/
>         ldap admin dn = cn=samba,ou=DSA,dc=hui,dc=net
>         ldap suffix = dc=hui,dc=net
>         ldap group suffix = ou=Groups
>         ldap user suffix = ou=Users
>         ldap idmap suffix = ou=Idmap
>         ldap machine suffix = ou=Computers
>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>         ldap delete dn = no
>         delete user script = /usr/sbin/smbldap-userdel "%u"
>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
>
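
An added example, not part of the original posts and not Samba code: a Python check that group entries exported as LDIF carry the attributes the sambaGroupMapping object class requires, so that incomplete entries can be ruled out before looking at the server-side schema as the reply above did. The sample LDIF, the made-up domain SID digits and the function names are constructed for illustration.

```python
import re

REQUIRED = ("gidnumber", "sambasid", "sambagrouptype")  # MUST attributes of sambaGroupMapping
# Value shapes: SID is S-1-5-21 + three sub-authorities (or builtin S-1-5-32) + RID; type is 2, 4 or 5.
SID_OK = re.compile(r"S-1-5-(21-\d+-\d+-\d+|32)-\d+").fullmatch
TYPE_OK = re.compile(r"[245]").fullmatch

# Constructed, abbreviated sample input; the domain SID digits are made up.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=hui,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
sambaSID: S-1-5-21-1111111111-2222222222-33333-512
sambaGroupType: 2

dn: cn=staff,ou=Groups,dc=hui,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-1003

dn: cn=backup,ou=Groups,dc=hui,dc=net
objectClass: posixGroup
"""

def parse_ldif(text):
    """Yield attr -> values dicts from simple LDIF (no folded or base64 lines)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        yield entry

def check_group(entry):
    """Return the reasons an entry is not a complete Samba group mapping."""
    if "sambagroupmapping" not in {c.lower() for c in entry.get("objectclass", [])}:
        return ["no sambaGroupMapping objectClass"]
    problems = [f"missing {a}" for a in REQUIRED if a not in entry]
    for attr, ok in (("sambasid", SID_OK), ("sambagrouptype", TYPE_OK)):
        value = entry.get(attr, [""])[0]
        if value and not ok(value):
            problems.append(f"bad {attr}: {value}")
    return problems

def audit(text):
    return {e["dn"][0]: check_group(e) for e in parse_ldif(text)}
```

Calling `audit(SAMPLE_LDIF)` returns a dict keyed by DN; an empty list means the entry has everything the object class requires.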



